How can I migrate SSL from Tomcat to Apache HTTPD?
Question
I am migrating my single-server Tomcat to a cluster, load balanced and cached by Apache HTTPD (reverse proxy with mod_proxy). Is it possible to convert the certificate and keys to the Apache format, or do I have to re-issue the whole thing?
Recommended answer
It's quite easy to extract the certificates directly with keytool; it's a bit trickier to extract the private key (although you could write programs to do so). I'd suggest using a combination of keytool and openssl.
If your keystore is in PKCS#12 format (.p12 file), skip this step. Convert your JKS store into a PKCS12 store using keytool (needs the version from Java 6+):
keytool -importkeystore -srckeystore thekeystore.jks \
-srcstoretype JKS \
-destkeystore thekeystore.p12 \
-deststoretype PKCS12
Then, extract the certificate using openssl:
openssl pkcs12 -in thekeystore.p12 -clcerts -nokeys -out servercert.pem
Extract the private key:
umask 0077
openssl pkcs12 -in thekeystore.p12 -nocerts -nodes -out serverkey.pem
umask 0022
Note that, because the -nodes option is used when extracting the private key, the private key file won't be protected (as it mustn't have a password to be usable by Apache Httpd), so make sure no one else can read it.
Then, configure Apache Httpd using SSLCertificateFile (http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslcertificatefile) and SSLCertificateKeyFile (http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslcertificatekeyfile) to point to the certificate file and the private key file, respectively.
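The following checks are an added example, not part of the original answer: they confirm that the extracted key is readable only by its owner, is stored without a passphrase (as -nodes produces), and belongs to the extracted certificate. The function names are hypothetical, the file names are the ones used in the answer, and openssl is assumed to be on the PATH.

```sh
#!/bin/sh
# Added example: post-extraction checks for servercert.pem / serverkey.pem.
# Function names are hypothetical; file names follow the answer above.

# Succeeds only if group and other have no permission bits on the key file.
key_is_private() {
    [ -f "$1" ] || return 2
    # ls -ld prints e.g. "-rw-------"; characters 5-10 are the group/other bits.
    mode=$(ls -ld -- "$1" | cut -c5-10)
    [ "$mode" = "------" ]
}

# Succeeds if the PEM key carries no passphrase, which Apache httpd needs here.
key_is_unencrypted() {
    [ -f "$1" ] || return 2
    # PKCS#8 and traditional PEM mark encrypted keys differently; check both.
    if grep -Eq '^-----BEGIN ENCRYPTED PRIVATE KEY-----|^Proc-Type: 4,ENCRYPTED' "$1"; then
        return 1
    fi
    grep -q '^-----BEGIN .*PRIVATE KEY-----' "$1"
}

# Succeeds if certificate and key carry the same public key (requires openssl).
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Runs all three checks and reports every failure instead of stopping at the first.
check_extracted_files() {
    cert=$1 key=$2 rc=0
    key_is_private "$key" || { echo "FAIL: $key is accessible to group/other" >&2; rc=1; }
    key_is_unencrypted "$key" || { echo "FAIL: $key is missing or passphrase-protected" >&2; rc=1; }
    cert_matches_key "$cert" "$key" || { echo "FAIL: $cert and $key do not match" >&2; rc=1; }
    return $rc
}

# Usage: check_extracted_files servercert.pem serverkey.pem
```

Run the checks again as the account that starts httpd after moving the files into place, since copying can change ownership and mode.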